Chromebook Pixel - Can't access SeaBIOS (Ctrl-l) after changing gbb flag


Pat Wall

Nov 24, 2013, 5:32:40 PM
to chromium-...@chromium.org
Hi Folks

I have a Fedora install on an external disk attached to my Pixel which I had been booting with the SeaBIOS option.  I decided to experiment with the gbb flags to see if I could reduce the 30 second boot delay. I tried the option /usr/bin/set_gbb_flags.sh 0x11 (short_delay + boot_usb). It appeared to fail and when I restarted the Pixel I got the “Chrome OS is missing or damaged” screen. 

I have since tried recovering and enabling DEV mode several times and running "crossystem dev_boot_usb=1 dev_boot_legacy=1" but each time on boot the Pixel just emits two short beeps after hitting Ctrl-l :(

I have also tried "/usr/bin/set_gbb_flags.sh 0" but it doesn't make any difference. If I press the tab key at the boot screen (OS Verification is Off)  I can see that "dev_boot_usb" and "dev_boot_legacy" are both set to 1.

I would be very grateful if anyone has any suggestions to get Ctrl-l working again.

Thanks in advance!


Pat


Sonny Rao

Nov 24, 2013, 8:03:24 PM
to pjwal...@gmail.com, Chromium OS discuss
did you actually remove the write-protect washer? If not then
set_gbb_flags shouldn't do anything. In case you did undo the
write-protect and something happened to the SeaBIOS part of the
firmware, you could also try using a recovery stick
(chrome://imageburner) to get back to default firmware.

Pat Wall

Nov 25, 2013, 12:43:16 PM
to chromium-...@chromium.org, pjwal...@gmail.com
Hi Sonny

Many thanks for the reply. I didn't remove the write-protect washer and the set_gbb_flags report as being currently set to 0x0 so nothing _seems_ to have changed. 

I tried recovery a few times from a usb stick with v29 Chrome OS but it hasn't made any difference. I'll try chrome://imageburner again and see if a new image is available. If I still can't get to SeaBIOS I will document the exact steps I have taken and hopefully something will jump out. 

Thanks again


Pat

Sonny Rao

Nov 25, 2013, 7:27:43 PM
to pjwal...@gmail.com, Chromium OS discuss
You can also hit tab at the dev screen (verification is off) and see
whether dev_boot_legacy=1 is set or not

Pat Wall

Nov 27, 2013, 3:36:40 PM
to chromium-...@chromium.org, pjwal...@gmail.com
Hi Sonny

Well still no luck I'm afraid with getting legacy mode (Ctrl-l) to work.

I recovered the Pixel again with a new chrome://imageburner created SD card, enabled DEV mode and set dev_boot_legacy=1.

It still just beeps twice when I press Ctrl-l at the DEV screen :(

I have attached a picture of the DEV screen after pressing tab. Is there anything else worth trying?

Thanks again


Pat
photo.JPG

Sonny Rao

Nov 27, 2013, 3:41:25 PM
to Pat Wall, Chromium OS discuss, Bill Richardson
Bill, it looks like control-L should work here, since dev_boot_legacy=1
Any ideas?

Pat Wall

Dec 5, 2013, 8:58:36 AM
to chromium-...@chromium.org
Hi Folks

I have updated to the latest Stable release for the Pixel but still no joy with getting Ctrl-L to do anything other than emit two beeps at the Dev screen.

Version 31.0.1650.62
Platform 4731.81.0 (Official Build) stable-channel link
Firmware Google_Link.2695.1.133

sudo crossystem produces the following output if it is of help.


chronos@localhost / $ sudo crossystem
arch                   = x86                            # Platform architecture
clear_tpm_owner_request = 0                              # Clear TPM owner on next boot
clear_tpm_owner_done   = 0                              # Clear TPM owner done
cros_debug             = 1                              # OS should allow debug features
dbg_reset              = 0                              # Debug reset mode request (writable)
ddr_type               = unknown                        # Type of DDR RAM
disable_dev_request    = 0                              # Disable virtual dev-mode on next boot
dev_boot_usb           = 1                              # Enable developer mode boot from USB/SD (writable)
dev_boot_legacy        = 1                              # Enable developer mode boot Legacy OSes (writable)
dev_boot_signed_only   = 0                              # Enable developer mode boot only from official kernels (writable)
devsw_boot             = 1                              # Developer switch position at boot
devsw_cur              = 1                              # Developer switch current position
ecfw_act               = RO                             # Active EC firmware
fmap_base              = 0x00610000                     # Main firmware flashmap physical address
fwb_tries              = 0                              # Try firmware B count (writable)
fwid                   = Google_Link.2695.1.133         # Active firmware ID
fwupdate_tries         = 0                              # Times to try OS firmware update (writable, inside kern_nv)
hwid                   = LINK WISTERIA BGZ-K 3255       # Hardware ID
kern_nv                = 0x00000000                     # Non-volatile field for kernel use
kernkey_vfy            = sig                            # Type of verification done on kernel key block
loc_idx                = 0                              # Localization index for firmware screens (writable)
mainfw_act             = A                              # Active main firmware
mainfw_type            = developer                      # Active main firmware type
nvram_cleared          = 1                              # Have NV settings been lost?  Write 0 to clear
oprom_needed           = 1                              # Should we load the VGA Option ROM at boot?
platform_family        = IvyBridge                      # Platform family type
recovery_reason        = 0                              # Recovery mode reason for current boot
recovery_request       = 0                              # Recovery mode request (writable)
recovery_subcode       = 0                              # Recovery reason subcode (writable)
recoverysw_boot        = 0                              # Recovery switch position at boot
recoverysw_cur         = 0                              # Recovery switch current position
recoverysw_ec_boot     = 0                              # Recovery switch position at EC boot
ro_fwid                = Google_Link.2695.1.133         # Read-only firmware ID
savedmem_base          = 0x00f00000                     # RAM debug data area physical address
savedmem_size          = 1048576                        # RAM debug data area size in bytes
sw_wpsw_boot           = 0                              # Firmware write protect software setting enabled at boot
tpm_fwver              = 0x00010004                     # Firmware version stored in TPM
tpm_kernver            = 0x00040001                     # Kernel version stored in TPM
tried_fwb              = 0                              # Tried firmware B before A this boot
vdat_flags             = 0x00000e5e                     # Flags from VbSharedData
vdat_timers            = LFS=0,38134496 LF=559836572,616699720 LK=616921332,19198456020 # Timer values from VbSharedData
wpsw_boot              = 1                              # Firmware write protect hardware switch position at boot
wpsw_cur               = 1                              # Firmware write protect hardware switch current position
 
Does anything stand out as obviously wrong as to why SeaBIOS is no longer accessible?

Thanks again


Pat 

Sonny Rao

Dec 5, 2013, 3:41:29 PM
to Pat Wall, Chromium OS discuss
Can you try this:
flashrom -r /tmp/bios.bin && gbb_utility -g --flags /tmp/bios.bin

and see if the output is non-zero?

Pat Wall

Dec 5, 2013, 6:00:37 PM
to chromium-...@chromium.org, Pat Wall
Hi Sonny

Here is the output.

localhost / # flashrom -r /tmp/bios.bin && gbb_utility -g --flags /tmp/bios.bin
flashrom v0.9.4  : a6f9c4a : Sep 20 2013 00:52:16 UTC on Linux 3.8.11 (x86_64), built with libpci 3.1.10, GCC 4.7.x-google 20130114 (prerelease), little endian
Block protection could not be disabled!
Reading flash... SUCCESS
flags: 0x00000000

Thanks again for all your help


Pat

Sonny Rao

Dec 5, 2013, 9:20:49 PM
to Pat Wall, Chromium OS discuss, Bill Richardson
I tested a Pixel here and the only difference I'm seeing is the
vdat_flags are slightly different
Pat's Pixel has 0xe5e and mine has 0xe5c but are otherwise identical

Bill do you know what those last two bits mean? I rooted through the
vboot source a bit but wasn't certain of what I was looking for.

Pat could you also boot it up and run "cbmem -c" and post the output?

Randall Spangler

Dec 6, 2013, 11:48:55 AM
to sonn...@chromium.org, Pat Wall, Chromium OS discuss, Bill Richardson
On Thu, Dec 5, 2013 at 6:20 PM, Sonny Rao <sonn...@chromium.org> wrote:
> I tested a Pixel here and the only difference I'm seeing is the
> vdat_flags are slightly different
> Pat's Pixel has 0xe5e and mine has 0xe5c but are otherwise identical
>
> Bill do you know what those last two bits mean?  I rooted through the
> vboot source a bit but wasn't certain of what I was looking for.


/*
 * LoadKernel() verified the good kernel keyblock using the kernel subkey from
 * the firmware.  If this flag is not present, it just used the hash of the
 * kernel keyblock.
 */
#define VBSD_KERNEL_KEY_VERIFIED        0x00000002

Pat Wall

Dec 7, 2013, 6:12:52 AM
to chromium-...@chromium.org, Pat Wall, Bill Richardson
Hi Sonny

Here is the output of cbmem -c:


and also in the attached file cbmem.txt.

Thanks!


Pat

cbmem.txt

Gabe Black

Dec 8, 2013, 8:45:11 AM
to pjwal...@gmail.com, chromium-...@chromium.org, Bill Richardson, Stefan Reinauer
I didn't work on the legacy boot feature myself, but I have an idea of how it works and this little tidbit from cbmem -c seems to be important:

CBFS not initialized.
No file "payload" found in CBFS.

I believe the legacy boot feature is implemented using seabios which is in a CBFS (coreboot file system, basically a linked list of data blobs with headers) in a non-verified and writable portion of the flash. It looks like you might have wiped out or damaged that area somehow, and since the firmware can't find/load seabios you can't do legacy boot.

I'm not sure exactly what procedure you can use to restore that area, although I can't imagine it being too difficult with the right instructions. I'm also not sure whether that would be taken care of by a recovery boot since it's in an unusual place. That could explain why recovering didn't help, but then again I don't know exactly how it handles that area.

Gabe
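
The triage this thread converged on, written out as an added example (not code from the posters or from the Chromium OS tools): it reads saved `crossystem` and `cbmem -c` text and reports whether legacy boot is blocked by the mode, by the `dev_boot_legacy` flag, or by a missing payload. The function names, verdict strings and sample files (an excerpt of the values posted above) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Inputs are saved text from `crossystem` and `cbmem -c`.

# Value of key $2 in saved crossystem output $1. Lines look like
# "key = value   # comment"; values such as hwid may contain spaces.
cs_get() {
    sed -n "s/^$2 *= *\(.*[^ ]\) *# .*\$/\1/p" "$1" | head -n 1
}

# Print one verdict for "Ctrl-L only beeps", checking the cheapest causes first.
legacy_boot_triage() {
    cs=$1 console=$2
    if [ "$(cs_get "$cs" mainfw_type)" != developer ]; then
        echo "not-developer-mode"
    elif [ "$(cs_get "$cs" dev_boot_legacy)" != 1 ]; then
        # nvram_cleared=1 means the NV settings were lost at some point.
        if [ "$(cs_get "$cs" nvram_cleared)" = 1 ]; then
            echo "legacy-flag-off-after-nv-loss"
        else
            echo "legacy-flag-off"
        fi
    elif grep -q 'No file "payload" found in CBFS' "$console"; then
        echo "legacy-payload-missing"
    else
        echo "no-fault-found"
    fi
}

# Constructed sample files in directory $1: an excerpt of values from this thread.
write_samples() {
    cat > "$1/crossystem.txt" <<'EOF'
dev_boot_usb           = 1                              # Enable developer mode boot from USB/SD (writable)
dev_boot_legacy        = 1                              # Enable developer mode boot Legacy OSes (writable)
hwid                   = LINK WISTERIA BGZ-K 3255       # Hardware ID
mainfw_type            = developer                      # Active main firmware type
nvram_cleared          = 1                              # Have NV settings been lost?  Write 0 to clear
EOF
    cat > "$1/cbmem.txt" <<'EOF'
CBFS not initialized.
No file "payload" found in CBFS.
EOF
}

d=$(mktemp -d)
write_samples "$d"
echo "hwid:    $(cs_get "$d/crossystem.txt" hwid)"
echo "verdict: $(legacy_boot_triage "$d/crossystem.txt" "$d/cbmem.txt")"
rm -rf "$d"
```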



Pat Wall

Dec 8, 2013, 6:01:42 PM
to Gabe Black, chromium-...@chromium.org, Bill Richardson, Stefan Reinauer
Hi Gabe

Many thanks for the detailed explanation. It certainly seems like I have wiped SeaBIOS alright. Hopefully someone will be able to provide instructions to recover it.

Thanks again Gabe and to everyone who has contributed. Really appreciate it :)


Pat


Pat Wall

Dec 9, 2013, 5:30:51 PM
to chromium-...@chromium.org, Gabe Black, Bill Richardson, Stefan Reinauer
Hi All

If I were to follow the instructions posted here by Stefan: http://www.seabios.org/pipermail/seabios/2013-April/006135.html

specifically this section of the post:
I also uploaded an image with your change to


Flash it on the ChromeBook with:

# cd /tmp
# flashrom -r image.rom
# dd if=seabios.cbfs of=image.rom seek=2 bs=2M conv=notrunc
# flashrom -w image.rom -i RW_LEGACY

Would this possibly reinstate the payload? 
Even better, is it possible to obtain the stock Pixel payload and write it back to the relevant area?

Thanks in advance


Pat


Sonny Rao

Dec 9, 2013, 6:28:04 PM
to Pat Wall, Chromium OS discuss, Gabe Black, Bill Richardson, Stefan Reinauer
If the problem is bad seabios in flash, I think that should fix it. I
just tried it on a Pixel and it seemed to work. I first corrupted the
legacy part by writing in zeros and then restored it using the
seabios.cbfs from the link above.
Naturally, you should keep copies of the original firmware that you
read off. You could even verify if the image that's in your flash
matches the one from coreboot.org first.
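
The backup-and-verify advice above, applied to the `dd` step it refers to, as an added example (not code from the thread or from the Chromium OS project): it checks whether the slot already holds the payload, keeps the first read-back as `image.rom.orig`, and confirms that only the payload-sized window changed. The 4 MiB offset is what `seek=2 bs=2M` implies; the function names and the constructed sample files are assumptions.

```shell
#!/bin/sh
# Added example. All inputs are constructed stand-ins, not real firmware.
# The thread's dd uses seek=2 bs=2M, so the payload lands at 2 * 2 MiB = 4 MiB.
LEGACY_OFFSET=$((2 * 2 * 1024 * 1024))

# SHA-256 of $3 bytes of file $1 starting at byte offset $2.
region_sha256() {
    tail -c +"$(($2 + 1))" "$1" | head -c "$3" | sha256sum | cut -d' ' -f1
}

# True if the bytes at LEGACY_OFFSET in image $1 equal payload file $2.
legacy_slot_matches() {
    len=$(($(wc -c < "$2")))
    [ "$(region_sha256 "$1" "$LEGACY_OFFSET" "$len")" = "$(region_sha256 "$2" 0 "$len")" ]
}

# Back up image $1, splice payload $2 in with the thread's dd invocation, then
# prove that only the payload-sized window at LEGACY_OFFSET changed.
splice_legacy() {
    image=$1 payload=$2
    size=$(($(wc -c < "$image")))
    len=$(($(wc -c < "$payload")))
    end=$((LEGACY_OFFSET + len))
    if [ "$end" -gt "$size" ]; then
        echo "payload does not fit in image" >&2
        return 1
    fi
    # Keep the first read-back; never overwrite an existing backup.
    [ -e "$image.orig" ] || cp -p "$image" "$image.orig" || return 1
    dd if="$payload" of="$image" seek=2 bs=2M conv=notrunc 2>/dev/null || return 1
    [ "$(($(wc -c < "$image")))" -eq "$size" ] || return 1
    legacy_slot_matches "$image" "$payload" || return 1
    [ "$(region_sha256 "$image" 0 "$LEGACY_OFFSET")" = \
      "$(region_sha256 "$image.orig" 0 "$LEGACY_OFFSET")" ] || return 1
    [ "$(region_sha256 "$image" "$end" "$((size - end))")" = \
      "$(region_sha256 "$image.orig" "$end" "$((size - end))")" ]
}

# Constructed inputs in directory $1: an 8 MiB all-zero "image.rom" (a zeroed
# legacy slot, like the test described above) and a small stand-in payload.
make_constructed_inputs() {
    dd if=/dev/zero of="$1/image.rom" bs=1M count=8 2>/dev/null &&
    printf 'constructed payload stand-in\n' > "$1/seabios.cbfs"
}

demo_dir=$(mktemp -d)
make_constructed_inputs "$demo_dir"
legacy_slot_matches "$demo_dir/image.rom" "$demo_dir/seabios.cbfs" \
    && echo "before: slot matches payload" \
    || echo "before: slot differs from payload"
splice_legacy "$demo_dir/image.rom" "$demo_dir/seabios.cbfs" \
    && echo "after: payload in place, rest of image unchanged"
rm -rf "$demo_dir"
```

Only the spliced file is checked here; writing it back with `flashrom` stays the separate step quoted earlier in the thread.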

Pat Wall

Dec 10, 2013, 6:12:19 PM
to Sonny Rao, Chromium OS discuss, Gabe Black, Bill Richardson, Stefan Reinauer
Hi Sonny

That did the trick. Ctrl-L is now booting to SeaBIOS again - happy days  :D

Many thanks again for all your help. 

All the best


Pat



Carmelo

Feb 3, 2014, 5:03:59 PM
to chromium-...@chromium.org
Hello !

I have the same problem ... but with an Acer c720p ...

Is there a rom file available to enable my SeaBIOS again ?

Thanks !




craigb...@gmail.com

Mar 17, 2014, 9:47:52 PM
to chromium-...@chromium.org, carm...@gmail.com
On Monday, 3 February 2014 22:03:59 UTC, Carmelo wrote:

> I have the same problem ... but with an Acer c720p ...
>
> Is there a rom file available to enable my SeaBIOS again ?

I also have this problem on an Acer C720 but it seems the fix that worked above is specific to the Pixel. Does anyone know of an equivalent fix for the C720?

(This seems like a rather nasty bug in the set_gbb_flags.sh script, since it allows people to put their Chromebook into an undefined state, which a recovery can't fix. I was led to believe that unless I disable SPI write protection, I couldn't really do any "permanent" damage.)

craigb...@gmail.com

Mar 17, 2014, 10:45:23 PM
to chromium-...@chromium.org, carm...@gmail.com
Disregard my last post -- I found this:


...which fixed the issue nicely (thanks Aaron).

Mike Frysinger

Mar 17, 2014, 11:29:48 PM
to Sonny Rao, Pat Wall, Chromium OS discuss, Gabe Black, Bill Richardson, Stefan Reinauer
if we consider these insns safe (since it only updates the rw/legacy
slot), maybe we should include them in our wiki ? how do people feel
about that ?
-mike

Hung-Te Lin

Mar 18, 2014, 2:51:12 AM
to Mike Frysinger, Sonny Rao, Pat Wall, Chromium OS discuss, Gabe Black, Bill Richardson, Stefan Reinauer
I can confirm the instruction is pretty safe and correct, so it should
be OK to be included in wiki pages.

FYI set_gbb_flags.sh is now updated to always check write protection
state before trying to modify SPI.
We hope that can prevent more people from falling into the broken state.

Mike Frysinger

Mar 18, 2014, 3:34:03 AM
to Hung-Te Lin, Sonny Rao, Pat Wall, Chromium OS discuss, Gabe Black, Bill Richardson, Stefan Reinauer
sounds great. i've added details to the Pixel & C720 page (which the
other haswell pages link to as well).
http://dev.chromium.org/chromium-os/developer-information-for-chrome-os-devices/chromebook-pixel#TOC-Legacy-Boot-Doesn-t-Work
-mike

Greg S

Mar 22, 2014, 9:06:02 AM
to chromium-...@chromium.org
I have a Pixel on which I've installed Linux. I think I've installed Linux three times now. Each time it works fine until one day it randomly switches to dev_boot_legacy=0 again and I have to reinstall chromeos, then flip dev_boot_legacy and reinstall Linux all over again. 

Under what circumstances does it flip to dev_boot_legacy=0 ? My best guess is that it's whenever the battery dies which is perhaps happening even though the laptop is suspended if it stays suspended for too long?

If I remove the washer will it stop doing this? Is this a simple operation? I see references to the washer online but nothing documenting what effect removing it has or even instructing on how to remove it. I haven't looked at it myself, is it as simple as unscrewing a screw, removing the washer and replacing the screw?

Nick

Mar 22, 2014, 9:27:45 AM
to Greg S, chromium-...@chromium.org
Quoth Greg S:
> Under what circumstances does it flip to dev_boot_legacy=0 ? My
> best guess is that it's whenever the battery dies which is perhaps
> happening even though the laptop is suspended if it stays
> suspended for too long?

Yes, that setting is battery backed, so if the battery runs down to
completely empty then it gets reset. I wrote a little daemon that
hard shuts down my laptop when the battery level drops to 10%, to
ensure that it never happens. I don't tend to use suspend much, so
that angle wouldn't catch me.

Again, a custom built coreboot would fix this (it could just ignore
those settings), but all in good time...

Nick

Greg Stark

Mar 22, 2014, 9:54:16 AM
to Nick, chromium-...@chromium.org
On Sat, Mar 22, 2014 at 1:27 PM, Nick <chromium-...@njw.me.uk> wrote:
> Yes, that setting is battery backed, so if the battery runs down to
> completely empty then it gets reset. I wrote a little daemon that
> hard shuts down my laptop when the battery level drops to 10%, to
> ensure that it never happens. I don't tend to use suspend much, so
> that angle wouldn't catch me.

Hm. I'm having trouble thinking how this would work. If I power it down what maintains this flag? Does this mean even if I power it down the battery is still maintaining a small bit of vram? So even if you power down at 10% wouldn't it eventually run out?
 
> Again, a custom built coreboot would fix this (it could just ignore
> those settings), but all in good time...

So if I understand this right I would need to remove the washer but this wouldn't be sufficient. I would need to remove the washer which would let me install a coreboot image instead of Seabios, and *that* would then guarantee my Linux image didn't get wiped?

Actually what's frustrating is that the Linux image is there perfectly intact, I'm just not able to get to it... But that's working as intended I guess 



--
greg

Nick

Mar 22, 2014, 11:04:53 PM
to Greg Stark, chromium-...@chromium.org

PTerri

Oct 10, 2014, 5:25:07 PM
to chromium-...@chromium.org
Well, it shocked me to see that my system had been set up with Linux and was in Dev mode... I had been meaning to get around to it, but I wanted to wait til I had a chance that I could sit and go through the entire boot process.  However, I'm still unable to install any kind of app, or view any files, other than pdf's and docs...  I'm getting frustrated.





Luís de Sousa

Oct 28, 2015, 11:55:02 AM
to Chromium OS discuss
Hi everyone,

I am having the same issue reported here with an Acer Chromebook 13 (CB5-311), Ctrl+L simply beeps at the boot screen. Would the instructions referenced in this thread (and reported in the Wiki) function on this model?

Thank you.

Mike Frysinger

Oct 28, 2015, 12:04:52 PM
to luis.a....@gmail.com, Chromium OS discuss

it's highly unlikely your issue is related to this thread. please start a new one.
-mike


akin oluka

May 19, 2017, 7:39:28 PM
to Chromium OS discuss


Hi Pat, I need the steps to overcome this same problem please, my hp chromebook beeps twice when you hit ctrl L instead of entering the legacy bios